ATBECHDEDKESFRGBGRITLILUNLSEMCPTIESILTLVFIRO..CY..TRBGCZEEHUPLSK....IS..............................*JDIM360 Ver 2.40 (30 Jan 2013) - 2100000/01836639EUROPEAN PATENT SPECIFICATIONB120131030EP06718472.1200601132007071320090302enenen3583420050114US20131030201344200709262007392013103020134420130516G06F 21/00 20130101AFI20070717BHEP deSYSTEM UND VERFAHREN FÜR ERLAUBNISBASIERTEN ZUGANG UNTER VERWENDUNG EINES GEMEINSAM GENUTZTEN KONTOSenSYSTEM AND METHOD FOR PERMISSION-BASED ACCESS USING A SHARED ACCOUNTfrSYSTEME ET PROCEDE D'ACCES FONDE SUR LA PERMISSION UTILISANT UN COMPTE SEPAREEP-A- 0 689 326US-A- 6 138 120US-B1- 6 748 420NEUMAN B C ET AL: "KERBEROS: AN AUTHENTICATION SERVICE FOR COMPUTER NETWORKS" IEEE COMMUNICATIONS MAGAZINE, IEEE SERVICE CENTER,NEW YORK, NY, US, vol. 32, no. 9, 1 September 1994 (1994-09-01), pages 33-38, XP000476553 ISSN: 0163-6804AIKEN, Davidc/o Citrix Systems, Inc. 851 West Cypress Creek RoadFort Lauderdale, Florida 33309USGAYLOR, Timothy R.c/o Citrix Systems, Inc. 851 West Cypress Creek RoadFort Lauderdale, Florida 33309USDILLS, Thomas B.,c/o Citrix Systems, Inc. 851 West Cypress Creek RoadFort Lauderdale, Florida 33309USCitrix Systems, Inc.1001003414330MNMms851 W. Cypress Creek RoadFort Lauderdale, FL 33309USModiano, Micaela Nadiaet al100048066Modiano Josif Pisanty & Staub Ltd Thierschstrasse 1180538 MünchenDEATBEBGCHCYCZDEDKEEESFIFRGBGRHUIEISITLILTLULVMCNLPLPTROSESISKTRUS200600140120060113enWO200607666420060720200629 Field of the Invention

The illustrative embodiment of the present invention relates generally to the use of a shared operating system logon session, and more particularly to the rapid switching and authentication of credentialed interactive users within a shared account without re-starting the logon session.

Background

An operating system logon session, such as a WINDOWS (from Microsoft Corporation of Redmond, Washington) logon session, is conventionally generated for each successful authentication on a computer. An initiating process, such as the Winlogon.exe process in a WINDOWS environment, loads a GINA (Graphical Identification aNd Authentication) which presents a logon dialog box to an interactive user. The GINA may be default operating system GINA (which in WINDOWS is the MSGINA.dll) or a third party GINA operating in lieu of, or in addition to, the operating system GINA. Multiple GINAs may be employed in a chain. The logon dialog box requests user information such as a usemame, password and optionally target domain. In stand-alone operating environments, the interactive user is authenticated and then proceeds to operate according to the access rights and privileges set forth in the user profile identified during authentication. In network environments, the date of a network roaming profile for a local interactive user may be compared against the date of a local profile with any newer files in the roaming profile used to update the files already present on the system.. In a network environment where the local interactive user is logged onto a client and wishes to access a server-hosted session, conventional methods of accessing the remotely hosted session assume that the interactive user accessing the remote session and the local user in the client operating system logon session are one and the same. Communications from the remote session are directed to the operating system logon session. When the local interactive user logs off from the remote session and leaves the client, the operating system logon session ends and a new logon session is started for the next local user.

Figure 1 depicts the conventional process by which multiple interactive users logon to a client in order to access remote sessions. The sequence begins when the interactive user logs on to the operating system domain, such as a WINDOWS domain, at the client (step 2). An operating system logon session, such as a WINDOWS logon session is generated and associated with the interactive user (step 4). A network-stored roaming profile is then acquired for the interactive user based on the information used to logon to the operating system domain (step 6). The network-stored profile is retrieved and the client may be checked for the presence of a local profile. If a local profile exists on the client, the profiles are compared with newer files in the roaming profile being used to update the profile of the interactive user. The interactive user then submits an authentication password to access a server-hosted domain or an application on the server-hosted domain (step 8). The interactive user is required to submit authentication for each application or domain he is attempting to access (step 9). This may require multiple authentications. After the interactive user has completed the remote session and logs off from the remote session, the operating system logon session must also be logged off (step 10) before a subsequent interactive user is able to access the client (step 12). The subsequent interactive user is required to begin a new operating system logon process (step 2) before accessing a remote session.

Conventionally, the switching of interactive users on a client or kiosk in communication with the server necessitates the ending of both the remote session and the operating system logon session and the subsequent generation of a new operating system logon session and new connection to a remote session for a new local interactive user. Unfortunately, the requirement of a new operating system logon session for each new local interactive user results in sub-optimal wait times for users in time-sensitive locations such as hospitals. For example, if a first doctor accesses a computer in a hospital and then responds to a patient, a second doctor using the computer is not going to want to wait for authentication processes required with an entirely new operating system logon session. Additionally, conventional shared workstations are subject to unauthorized use and make it difficult to provide accountability for the actions taken by users at the workstations.

In EP0689326 a method is disclosed of operating a computer network including a client computer and a server computer, wherein a user of the network may be automatically assigned a local identity at the server. The method allows a large population of network identities to be mapped to "guest" or temporary locally-meaningful identities on a server computer for normal access, and then assigning a permanent local identity to a network identity only when an "ownership fault" occurs, thus avoiding the creation a locally-meaningful identity for every network user on each and every server on the network.

In US6748420 a system is disclosed which provides concurrent access by multiple participants to a single shared session of a software application served by a web server. The system allows to create a collaborative shared session that allows two or more independent sessions (e.g., two different computer user HTTP sessions) to share a single shared application session existing in the web or application server.

Brief Summary

The illustrative embodiment of the present invention provides a mechanism for rapidly authenticating an interactive user in an operating system logon session based on a shared account by using a credential delivery application to enable permission-based access to a user's remote session from the shared account. The present invention provides the ability to switch local interactive users, authenticate the new interactive user, and switch the remote session without requiring the client to first establish a new logon session tied to the new local interactive user. The present invention also alters the normal locking mechanism found in operating system logon sessions so as to restrict access to an interactive local user's applications (both local and remote) while still allowing the rapid switching of interactive users at the client device.

In one embodiment, a system includes a storage location holding multiple sets of interactive user credentials. Each set of credentials are associated with a different interactive user and indicate a permission level for one or more applications and/or an access level for a server-hosted domain. The system also includes a server in connection with a client. The server hosts a session for a first local interactive user of the client, the client executing an active operating system logon session for a shared account. The active operating system logon session is established with a default user profile that is not associated with a particular interactive user. The system additionally includes a credential delivery application that communicates with the server and the client. The credential delivery application receives an identifier identifying the first local interactive user via the client and uses the identifier to retrieve a first set of credentials for the first local interactive user from the storage location. The first set of credentials are delivered by the credential delivery application to the server and used to map the first local interactive user to a server-hosted session for the first local user.

In another embodiment in an electronic device, a method of providing permission-based access to an active operating system logon session includes the step of hosting on the electronic device an active operating system logon session for a shared account. The shared account is established with a default user profile not associated with a particular interactive user. The electronic device is in communication with a server. The method also includes the step of receiving a first identifier identifying a first local interactive user via the electronic device. The method additionally includes the step of using the first identifier to retrieve a first set of credentials for the first local interactive user, the first set of credentials being stored in a location accessible to the electronic device and the server and indicating at least one permission level for either at least one application or an access level for a server-hosted session associated with the first local interactive user. The method also maps the server-hosted session for the first local interactive user into the active operating system logon session on the electronic device using the first set of credentials.

In an embodiment in an electronic device, a method of providing permission-based access to an existing operating system logon session includes the step of hosting on the electronic device an active operating system logon session for a shared account, the shared account originally established with a default user profile not associated with a particular interactive user. The method further includes the step of receiving a first identifier identifying a first local interactive user and the step of using the first identifier to retrieve a first set of credentials for the first local interactive user. The first set of credentials indicates at least one permission level for either at least one application or an access level for a session associated with the first local interactive user on the electronic device. The method also maps the session associated with the first local interactive user into the active operating system logon session using the first set of credentials.

Brief Summary of the Drawings

Detailed Description

The illustrative embodiment of the present invention provides the ability to switch rapidly between multiple authenticated interactive users in a time-sensitive environment. The term "interactive user" is used to distinguish human users from an automated process. By establishing a operating system logon session for a shared account based on a default user profile and separating the authentication of the identity of local interactive users from that logon session, the present invention allows the local interactive users to rapidly access remote sessions in a secure manner on the shared client system. The present invention also enables an alteration of the locking mechanism engaged in by typical operating system logon session so as to increase the availability of a system to a subsequent interactive user for services while maintaining the security and privacy of the original interactive user's applications. The alteration of the locking mechanism also helps prevent unauthorized use while improving accountability for actions taken at the client system.

Figure 2 depicts an environment suitable for practicing the illustrative embodiment of the present invention. A client electronic device 20 communicates over a network 40 with a server 50. The client electronic device 20 may be a desktop, workstation, laptop, PDA, WINDOWS kiosk, or other electronic device equipped with an operating system and capable of supporting remote access to the server 50. The client electronic device 20 includes an operating system 20 and a third party GINA 24. The operation of the third party GINA 24 will be discussed further below. The client electronic device 20 automatically generates a shared operating system logon session 26 based upon a default user profile with a pre-determined set of permissions and privileges. The default user profile is provided by a third party and is not a default profile provided by the operating system. The client electronic device 20 may also include local applications 28 which may be utilized by interactive user one 30 and interactive user two 32 in the manner set forth herein.

As noted above, the client electronic device 20 communicates over a network 40 with a server 50. The network may be a local area network (LAN), a wide area network (WAN), an intranet, the Internet or some other type of network. The server 50 provides remote access to applications 58, 60 and 62 depending upon the access rights of the interactive user. In one implementation, the server 50 is a MetaFrame Presentation Server from Citrix Systems, Inc. of Fort Lauderdale, Florida providing remote access to enterprise applications using a presentation level protocol. The server 50 includes a credential delivery application 56 which accepts an identifier holding local user information such as username, password and domain from the 3rd party GINA 24. The credential delivery application 56 uses the local interactive user information to retrieve a set of credentials 72, 74 or 76 associated with the local interactive user from a network-accessible storage location 70. Each set of credentials 72, 74 and 76 are associated with a different interactive user. In one implementation, the credential delivery application may be MetaFrame Password Manager from Citrix Systems, Inc.

Those skilled in the art will recognize that the components depicted in Figure 2 are meant to illustrate one possible architecture and that many other architectures are possible within the scope of the present invention. For example, the storage location 70 may be located on the server 50. Similarly, the applications 58, 60 and 62 to which the server 50 provides access may be located remotely from the server at a separate network-accessible location. The figures depicted herein should be understood to be exemplary and should not be viewed in a limiting sense. It should also be understood that although references are made to the WINDOWS operating system from Microsoft Corporation, the present invention may also be implemented using other operating systems.

The operating system 22 is configured to start an initial process which loads the third party GINA 24 which will present a logon dialog box to an interactive user. The initial process also is informed by the third GINA 24 (through the triggering of event or similar process) to automatically logon a default user with a base profile thereby creating a shared account with a minimal set of privileges. The third party GINA 24 then receives logon information from a local interactive user and transmits the information to the credential delivery application 56. The credential delivery application 56 receives the local interactive user information and automatically retrieves from a network accessible storage location a set of credentials associated with the local interactive user. The credentials for the local interactive user are used to automatically set the authorizations for the local interactive user within a server-hosted session 52 or 54 which the interactive user is allowed to access from the client electronic device 20. For example, the set of credentials may allow the local interactive user administrator privileges when accessing the server. Alternatively, the local interactive user may have read privileges within some applications and read-write privileges within other applications.

The third party GINA of the present invention alters the traditional locking mechanism that occurs when a interactive user locks a workstation either directly through the shell or indirectly from within an application. Traditionally, the initiating process (in a WINDOWS domain winlogon.exe) checks to see whether the first GINA and any others GINAs supplementing the first GINA allow the request to lock. In contrast, the third party GINA of the present invention is loaded first in the chain of GINAs and inserts a request to lock the interactive user into the chain of GINAs. If the next or subsequent GINA declines, the process is aborted. If the next and subsequent GINAs allows the lock request, then the workstation is locked and an authentication dialog is displayed. Upon a subsequent successful authentication, the actions taken vary based upon the identity of the interactive user. If the same interactive user authenticates, the interactive user is logged back in to the remote session. If the authenticating interactive user is new, the remote session is terminated and a new session is started (or restored if the server has a saved session for that interactive user). The third party GINA of the present invention does not pass the lock request back to the operating system so that the shared account does not change. The result of the interception of the lock request is that a new logon session and retrieval of a profile for an interactive user is not required. Those skilled in the art will recognize that the locking may occur in response to a direct interactive user command, as a result of time parameter being exceeded, or the occurrence of some other event. In one implementation, a locked workstation that remains locked for longer than a pre-determined parameter automatically causes a remote session to be terminated and a new session started when the lock is released. It should be noted that logoff requests may be treated in a similar manner as lock requests.

Although particularly useful in network environments, the present invention may also be practiced in non-networked processor-equipped devices. Figure 3 depicts an alternate implementation of a stand-alone electronic device 90 which employs the present invention to rapidly grant permission-based access to multiple interactive users in a secure manner. The electronic device 90 includes an operating system 92 and the third party GINA 94 of the present invention. Upon initialization, the electronic device 90 automatically creates an operating system logon session 96 using a default user profile with a pre-determined set of permissions and privileges. An interactive user 120 accessing the electronic device 90 logs on via the third party GINA 94 which relays the interactive user information to a credential delivery application 104. The credential delivery application 104 uses the input interactive user information to retrieve a set of interactive user credentials 108, 110 or 112 that are associated with the interactive user 120 from a storage location 106. The credentials are delivered to the server which then allows access by the interactive user 120 to applications 98, 100 and 102 consistent with the retrieved interactive user credentials.

In many embodiments, the client electronic device 20 and the server 50 are provided as personal computer or computer servers, of the sort manufactured by the Hewlett-Packard Corporation of Palo Alto, California or the Dell Corporation of Round Rock, TX. Figures 4A and 4B depict block diagrams of a typical computer 200 useful as the server 50, or the client device 20 in those embodiments. As shown in Figures 4A and 4B, each computer 200 includes a central processing unit 202, and a main memory unit 204. Each computer 200 may also include other optional elements, such as one or more input/output devices 230a-230n (generally referred to using reference numeral 230), and a cache memory 240 in communication with the central processing unit 202.

The central processing unit 202 is any logic circuitry that responds to and processes instructions fetched from the main memory unit 204. In many embodiments, the central processing unit is provided by a microprocessor unit, such as: the 8088, the 80286, the 80386, the 80486, the Pentium, Pentium Pro, the Pentium II, the Celeron, or the Xeon processor, all of which are manufactured by Intel Corporation of Mountain View, California; the 68000, the 68010, the 68020, the 68030, the 68040, the PowerPC 601, the PowerPC604, the PowerPC604e, the MPC603e, the MPC603ei, the MPC603ev, the MPC603r, the MPC603p, the MPC740, the MPC745, the MPC750, the MPC755, the MPC7400, the MPC7410, the MPC7441, the MPC7445, the MPC7447, the Mac7450, the MPC7451, the MPC7455, the MPC7457 processor, all of which are manufactured by Motorola Corporation of Schaumburg, Illinois; the Crusoe TM5800, the Crusoe TM5600, the Crusoe TM5500, the Crusoe TM5400, the Efficeon TM8600, the Efficeon TM8300, or the Efficeon TM8620 processor, manufactured by Transmeta Corporation of Santa Clara, California; the RS/6000 processor, the RS64, the RS 64 II, the P2SC, the POWER3, the RS64 III, the POWER3-II, the RS 64 IV, the POWER4, the POWER4+, the POWER5, or the POWER6 processor, all of which are manufactured by International Business Machines of White Plains, New York; or the AMD Opteron, the AMD Athalon 64 FX, the AMD Athalon, or the AMD Duron processor, manufactured by Advanced Micro Devices of Sunnyvale, California.

Main memory unit 204 may be one or more memory chips capable of storing data and allowing any storage location to be directly accessed by the microprocessor 202, such as Static random access memory (SRAM), Burst SRAM or SynchBurst SRAM (BSRAM), Dynamic random access memory (DRAM), Fast Page Mode DRAM (FPM DRAM), Enhanced DRAM (EDRAM), Extended Data Output RAM (EDO RAM), Extended Data Output DRAM (EDO DRAM), Burst Extended Data Output DRAM (BEDO DRAM), Enhanced DRAM (EDRAM), synchronous DRAM (SDRAM), JEDEC SRAM, PC100 SDRAM, Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), SyncLink DRAM (SLDRAM), Direct Rambus DRAM (DRDRAM), or Ferroelectric RAM (FRAM).

In the embodiment shown in Figure 4A, the processor 202 communicates with main memory 204 via a system bus 220 (described in more detail below). Figure 4B depicts an embodiment of a computer system 200 in which the processor communicates directly with main memory 204 via a memory port. For example, in Figure 4B the main memory 204 may be DRDRAM.

Figures 4A and 4B depict embodiments in which the main processor 202 communicates directly with cache memory 240 via a secondary bus, sometimes referred to as a "backside" bus. In other embodiments, the main processor 202 communicates with cache memory 240 using the system bus 220. Cache memory 240 typically has a faster response time than main memory 204 and is typically provided by SRAM, BSRAM, or EDRAM.

In the embodiment shown in Figure 4A, the processor 202 communicates with various I/O devices 230 via a local system bus 220. Various buses may be used to connect the central processing unit 202 to the I/O devices 230, including a VESA VL bus, an ISA bus, an EISA bus, a MicroChannel Architecture (MCA) bus, a PCI bus, a PCI-X bus, a PCI-Express bus, or a NuBus. For embodiments in which the I/O device is a video display, the processor 202 may use an Advanced Graphics Port (AGP) to communicate with the display. Figure 4B depicts an embodiment of a computer system 200 in which the main processor 202 communicates directly with I/O device 230b via HyperTransport, Rapid I/O, or InfiniBand. Figure 4B also depicts an embodiment in which local buses and direct communication are mixed: the processor 202 communicates with I/O device 230a using a local interconnect bus while communicating with I/O device 230b directly.

A wide variety of I/O devices 230 may be present in the computer system 200. Input devices include keyboards, mice, trackpads, trackballs, microphones, and drawing tablets. Output devices include video displays, speakers, inkjet printers, laser printers, and dye-sublimation printers. An I/O device may also provide mass storage for the computer system 200 such as a hard disk drive, a floppy disk drive for receiving floppy disks such as 3.5-inch, 5.25-inch disks or ZIP disks, a CD-ROM drive, a CD-R/RW drive, a DVD-ROM drive, tape drives of various formats, and USB storage devices such as the USB Flash Drive line of devices manufactured by Twintech Industry, Inc. of Los Alamitos, California.

In further embodiments, an I/O device 230 may be a bridge between the system bus 220 and an external communication bus, such as a USB bus, an Apple Desktop Bus, an RS-232 serial connection, a SCSI bus, a FireWire bus, a FireWire 800 bus, an Ethernet bus, an AppleTalk bus, a Gigabit Ethernet bus, an Asynchronous Transfer Mode bus, a HIPPI bus, a Super HIPPI bus, a SerialPlus bus, a SCI/LAMP bus, a FibreChannel bus, or a Serial Attached small computer system interface bus.

General-purpose desktop computers of the sort depicted in Figures 4A and 4B typically operate under the control of operating systems, which control scheduling of tasks and access to system resources. Typical operating systems include: MICROSOFT WINDOWS, manufactured by Microsoft Corp. of Redmond, Washington; MacOS, manufactured by Apple Computer of Cupertino, California; OS/2, manufactured by International Business Machines of Armonk, New York; and Linux, a freely-available operating system distributed by Caldera Corp. of Salt Lake City, Utah, among others.

For embodiments in which the client device 20 is a mobile device, the client device may be a JAVA-enabled cellular telephone, such as the i50sx, i55sr, i58sr, i85s, i88s, i90c, i95cl, or the im11000, all of which are manufactured by Motorola Corp. of Schaumburg, Illinois, the 6035 or the 7135, manufactured by Kyocera of Kyoto, Japan, or the i300 or i330, manufactured by Samsung Electronics Co., Ltd., of Seoul, Korea. In other embodiments in which the client device 20 is mobile, it may be a personal digital assistant (PDA) operating under control of the PalmOS operating system, such as the Tungsten W, the VII, the VIIx, the i705, all of which are manufactured by palmOne, Inc. of Milpitas, California. In further embodiments, the client device 20 may be a personal digital assistant (PDA) operating under control of the PocketPC operating system, such as the iPAQ 4155, iPAQ 5555, iPAQ 1945, iPAQ 2215, and iPAQ 4255, all of which manufactured by Hewlett-Packard Corporation of Palo Alto, California, the ViewSonic V36, manufactured by ViewSonic of Walnut, California, or the Toshiba PocketPC e405, manufactured by Toshiba America, Inc. of New York, New York. In still other embodiments the client device is a combination PDA/telephone device such as the Treo 180, Treo 270 or Treo 600, all of which are manufactured by palmOne, Inc. of Milpitas, California. In still further embodiment, the client device 20 is a cellular telephone that operates under control of the PocketPC operating system, such as the MPx200, manufactured by Motorola Corp.

Figure 5 is a flowchart of the sequence of steps followed by the illustrative embodiment of the present invention to rapidly switch between authenticated interactive users without generating a new operating system logon session. The sequence begins when the electronic device automatically creates a shared account logon session using a default profile (step 140). Subsequently, the local interactive user logs on to the electronic device which is already executing the operating system logon session via a 3rd party GINA (step 142). The logon information may be received by the electronic device in a number of different ways. The information may be received via an interactive user entering the information from a keyboard. Alternatively the interactive user may enter the information by inserting a smart card into a smart card reader, by having identity information on a proximity card that is read upon coming into range of a proximity sensor. The authentication may be based upon a retinal scan, fingerprints, a facial recognition process or other biometric information. Those skilled in the art will recognize that the authentication information may be received in many different ways by the electronic device without departing from the scope of the present invention.

In one aspect of the present invention, encryption may be added to process of retrieving the interactive user credentials. The set of credentials for the interactive user may be stored in encrypted form at the storage location. The identifiers for the interactive user may also be encrypted. The credential delivery application may pass an encrypted identifier to a smart card which then decrypts the identifier and returns them to the credential delivery application. The credential delivery application may then use the decrypted identifier in decrypting the encrypted set of credentials. Those skilled in the art will recognize that a USB token that includes a smart card or other device providing decryption functionality may also be used without departing from the scope of the present invention. Similarly, the smart card or other device may partially decrypt the identifier as part of a multiple stage decryption process with the remaining decryption/transformation of the interactive user credentials taking place at an additional location. Similar decryption techniques to process the encrypted interactive user credentials and identifiers should be considered within the scope of the present invention.

The interactive user logon information is directed to a credential delivery application which uses the information to retrieve a set of credentials associated with the local interactive user (step 144). The set of credentials provides the relevant permissions and privileges for a server-hosted domain and the applications running on the server which the interactive user is able to access remotely (step 146). Subsequently, the session of the interactive user is interrupted, either voluntarily or involuntarily. For example, in a hospital, a doctor using a WINDOWS kiosk may be called away to attend a patient. The doctor may affirmatively disconnect the session by making a selection, withdrawing a smart card or in some other manner such as a proximity card leaving a sensor range. Alternatively, the session may be disconnected by a time-out parameter being exceeded after the doctor walks away. Upon interruption of the remote session, the remote session is saved and any local applications launched for the doctor are closed (step 148). The operating system logon session is not disrupted and continues to run.

Upon a local interactive user returning to the electronic device, the interactive user is evaluated to determine if the interactive user is a previous interactive user returning or a new interactive user (step 149). If the previous interactive user is the next interactive user to log back onto the electronic device, the remote session is restored (step 150). If the interactive user accessing the electronic device is a new interactive user (step 152), the previous remote session for the first interactive user is unmapped from the operating system logon session following the new interactive user information being entered into the third party GINA. Instead a new session for the new interactive user is begun or restored on the server. Returning to the hospital example, if a second doctor followed the first doctor, the second doctor would be able to be quickly authenticated without the requirement of initiating a new logon session, retrieving a roaming profile and individually entering authentication passwords for a server-hosted domain and server hosted applications. At the same time, the second doctor would not have access to the first doctor's remote session. In one implementation, in the event a different interactive user logs on to the electronic device, the first doctor's suspended remote session is saved for a period of time and may be restored to a different electronic device in the hospital following the authentication procedures outlined above. In another implementation, the remote session of an interactive user is only saved for a pre-determined period of time before being closed even if the interactive user logs back on to the same electronic device he was previously using.

In one aspect of the present invention, the interactive user accessing the client device has a previously saved remote session restored that had been initiated by the interactive user on a different device. In another aspect of the present invention, the interactive user is prompted for additional authorization prior to local applications on the electronic device being launched. In an additional aspect of the present invention, session start scripts automatically launch and authenticate applications.

The present invention may be provided as one or more computer-readable programs embodied on or in one or more articles of manufacture. The article of manufacture may be a floppy disk, a hard disk, a compact disc, a digital versatile disc, a flash memory card, a PROM, a RAM, a ROM, or a magnetic tape. In general, the computer-readable programs may be implemented in any programming language. Some examples of languages that can be used include C, C++, C#, or JAVA. The software programs may be stored on or in one or more articles of manufacture as object code.

Since certain changes may be made without departing from the scope of the present invention, it is intended that all matter contained in the above description or shown in the accompanying drawings be interpreted as illustrative and not in a literal sense. Practitioners of the art will realize that the system configurations depicted and described herein are examples of multiple possible system configurations that fall within the scope of the current invention. Likewise, the sequence of steps utilized in the illustrative flowcharts are examples and not the exclusive sequence of steps possible within the scope of the present invention. Similarly, data structures other than the ones mentioned herein may be used to hold data without departing from the scope of the present invention.

 A system for providing permission-based access to an existing logon session, comprising: a storage location (70) holding a plurality of sets of interactive user credentials (72, 74, 76), each set of credentials associated with a different interactive user (30, 32) and indicating at least one permission level for at least one of at least one application (58, 60, 62) and an access level for a server-hosted domain; a server (50) in connection with a client (20), the server hosting a session (52) for a first local interactive user (30) of the client (20), the client (20) executing an active operating system logon session (26) for a shared account, the active operating system logon session (26) established with a default user profile not associated with a particular interactive user; characterized in that the system further comprises a credential delivery application (56) communicating with the server (50) and the client (20), the credential delivery application (56) receiving an identifier identifying the first local interactive user (30) via the client (20) and using the identifier to retrieve a first set of credentials for the first local interactive user (30) from the storage location (70), the first set of credentials delivered by the credential delivery application (56) to the server (50), the first set of credentials used to map the first local interactive user (30) to the server-hosted session (52) for the first local interactive user (30). The system of claim 1 wherein the server (50) is remotely located from the client (20). The system of claim 1, comprising further: a smart card reader located at the client (20) for receiving the identifier from the first local interactive user (30) via a smart card. The system of claim 1, comprising further: an input device communicating with the client (20) and used to receive the identifier via one of a retinal scan, a fingerprint analysis, a software-based facial recognition process and a proximity sensing process. A method of providing permission-based access to an active operating system logon session (26) of an electronic device (20), comprising the steps of: hosting (140) on an electronic device (20) an active operating system logon session (26) for a shared account, the electronic device (20) in communication with a server (50), the shared account established with a default user profile not associated with a particular interactive user; receiving (142) a first identifier identifying a first local interactive user (30) via the electronic device (20); using (144) the first identifier to retrieve a first set of credentials for the first local interactive user (30), the first set of credentials stored in a location (70) accessible to the electronic device (20) and the server (50) and indicating at least one permission level for at least one of at least one application (58, 60, 62) and an access level for a server-hosted session (52) associated with the first local interactive user; and mapping (146) the first local interactive user (30) to the server-hosted session (52) for the first local interactive user using the first set of credentials. The method of claim 5 wherein the server-hosted session (52) is initiated based upon the receipt of the first set of credentials for the first local interactive user (30);
or wherein the server-hosted session (52) that the first local interactive user (30) is mapped into is a previously-saved session associated with the first local interactive user (30). The method of claim 5, comprising the further steps of: locking the active operating system logon session on the electronic device; receiving a second identifier identifying a second local interactive user via the electronic device; and unmapping the first local interactive user from the server-hosted session for the first local interactive user upon receiving the second identifier, the first local interactive user being unmapped while the operating system logon session is still active. The method of claim 7, comprising the further steps of: using the second identifier to retrieve a second set of credentials for the second local interactive user (32), the second set of credentials stored in a location (70) accessible to the electronic device (20) and the server (50) and indicating at least one permission level for at least one of at least one application (58, 60, 62) and an access level for a server-hosted session (54) for the second local interactive user (32); mapping the second local interactive user (32) into the server-hosted session (54) for the second interactive user (32) using the second set of credentials; and unlocking the constantly active operating session (26) on the electronic device (20) subsequent to the mapping of the second local interactive user (32) into the server-hosted session (54) for the second interactive user (32). The method of claim 7 wherein the active operating system logon session (26) is locked following a receipt of an indication from the first local interactive user (30);
or wherein the active operating system logon session (26) is locked following the expiration of a time parameter;
or wherein the active operating system logon session (26) is locked upon receiving notice from a proximity sensor that the first local interactive user (30) has moved a pre-determined distance from the electronic device. The method of claim 5 wherein the first identifier is transmitted from a smart card;
or wherein the first identifier is received by the smart card in encrypted form and at least partially decrypted by the smart card. The method of claim 5, wherein the first identifier is encrypted and further comprising the steps of: storing the plurality of sets of interactive user credentials (72, 74, 76) in encrypted form; decrypting the first identifier; retrieving an encrypted set of credentials from the storage location (70); and using the decrypted first identifier to decrypt the encrypted set of credentials retrieved from the storage location (70). The method of claim 5 wherein the first identifier is received using one of a retinal scan, a fingerprint analysis, a software-based facial recognition system and a proximity sensor;
or wherein the first set of credentials includes different permission levels for different applications. The method of claim 5, wherein following the mapping of the first local interactive user (30) into the server-hosted session (52) associated with the first local interactive user (30), the method comprises the further steps of: receiving additional identifiers from the first local interactive user (30) prior to allowing the first local interactive user (30) to run a local application (28) hosted by the electronic device (20). The method of claim 5 wherein the access level for the server-hosted session (52) is one of read and read-write;
or wherein the server (50) and electronic device (20) communicate over a network (40). The method of claim 5, comprising the step of: accessing the at least one application using the first set of credentials. The method of claim 15, comprising the further steps of: locking the active operating system logon session (26) on the electronic device (20); and receiving an identifier identifying a second local interactive user (32) via the electronic device (20); using the identifier to retrieve a second set of credentials for the second local interactive user (32), the second set of credentials stored in a location (70) accessible to the electronic device (20) and indicating at least one permission level for at least one application (58, 60, 62); unlocking the active operating system logon session (26) on the electronic device (20) subsequent to receiving the identifier for the second local interactive user (32); and accessing the at least one application (58, 60, 62) using the second set of credentials. The method of claim 15, wherein the first set of credentials includes different permission levels for different applications. An article of manufacture having embodied thereon computer-readable program means for providing permission-based access to an existing session, the article of manufacture comprising: computer-readable program means for hosting on an electronic device (20) an active operating system logon session (26) for a shared account, the electronic device in communication with a server (50), the shared account established with a default user profile not associated with a particular interactive user; computer-readable program means receiving a first identifier identifying a first local interactive user (30) via the electronic device (20); computer-readable program means for using the first identifier to retrieve a first set of credentials for the first local interactive user (30), the first set of credentials stored in a location (70) accessible to the electronic device (20) and the server (50) and indicating at least one permission level for at least one of at least one application (58, 60, 62) and an access level for a server-hosted session (52) associated with the first local interactive user: and computer-readable program means for mapping the first local interactive user (30) to the server-hosted session (52) for the first local interactive user using the first set of credentials. The article of manufacture of claim 18, further comprising: computer-readable program means for locking the active operating system logon session (26) on the electronic device (20); computer-readable program means for receiving a second identifier identifying a second local interactive user (32) via the electronic device (20); and computer- readable program means for unmapping the first local interactive user (30) from the server-hosted session (52) for the first local interactive user (30) upon receiving the second identifier, the first local interactive user (30) being unmapped while the operating system logon session (26) is still active. The article of manufacture of claim 19, further comprising: computer-readable program means for using the second identifier to retrieve a second set of credentials for the second local interactive user (32), the second set of credentials stored in a location (70) accessible to the electronic device (20) and the server (50) and indicating at least one permission level for at least one of at least one application (5 8, 60, 62) and an access level for a server-hosted session (54) for the second local interactive user; computer-readable program means for mapping the second local interactive user (32) into the server-hosted session (54) for the second interactive user (32) using the second set of credentials; and computer-readable program means for unlocking the constantly active operating session (26) on the electronic device (20) subsequent to the mapping of the second local interactive user (32) into the server-hosted session (54) for the second interactive user (32). The article of manufacture of claim 18, wherein the first set of credentials includes different permission levels for different applications. The article of manufacture of claim 18, further comprising: computer readable program means for receiving an identifier via one of a retinal scan, a fingerprint analysis, a software-based facial recognition process and a proximity sensor. The article of manufacture of claim 18, further comprising: computer readable program means for receiving at a smart card in communication with the electronic device (20) the fist identifier in encrypted form. The article of manufacture of claim 23 wherein the smart card at least partially decrypts the identifier. The article of manufacture of claim 24 wherein a decrypted identifier is used to decrypt an encrypted set of interactive user credentials. The article of manufacture of claim 18, wherein the first identifier is encrypted and further comprising: computer-readable program means for storing the plurality of sets of interactive user credentials in encrypted form; computer-readable program means for decrypting the fist identifier; computer-readable program means for retrieving an encrypted set of credentials from the storage location; and computer-readable program means for using the decrypted first identifier to decrypt the encrypted set of credentials retrieved from the storage location. Système pour fournir un accès fondé sur une permission à une session existante de connexion, comprenant : une position de stockage (70) détenant une pluralité de séries de références (72, 74, 76) de l'utilisateur interactif, chaque série de références associée à un utilisateur interactif différent (30, 32) et indiquant au moins un niveau de permission pour au moins l'une d'au moins une demande (58, 60, 62) et un niveau d'accès pour un domaine hôte de serveur un serveur (50) connecté à un client (20), le serveur hébergeant une session (52) pour un premier utilisateur local interactif (30) du client, le client (20) exécutant une session de connexion de système opératif active (26) pour un compte partagé, la session de connexion de système opératif active (26) établie avec un profil d'utilisateur par défaut qui n'est pas associé à un utilisateur interactif particulier ; caractérisé en ce que le système comprend en outre une demande de livraison de références (56) communiquant avec le serveur (50) et le client (20), la demande de livraison de références (56) recevant un identifiant qui identifie le premier utilisateur local interactif (30) via le client (20) et utilisant l'identifiant pour extraire une première série de références pour le premier utilisateur interactif local (30) de la position de stockage (70), la première série de références livrée par la demande de livraison de références (56) au serveur (50), la première série de références utilisée pour mapper le premier utilisateur interactif local (30) à la session d'hôte de serveur (52) pour le premier utilisateur interactif local (30). Système selon la revendication 1, dans lequel le serveur (50) est placé à distance du client (20). Système selon la revendication 1, comprenant en outre : un lecteur de carte à puce positionné auprès du client (20) pour recevoir l'identifiant du premier utilisateur interactif local (30) par une carte à puce. Système selon la revendication 1, comprenant en outre : une périphérique d'entrée en communication avec le client (20) et utilisée pour recevoir l'identifiant à travers un balayage rétinien, une analyse d'empreintes, un procédé de reconnaissance faciale fondé sur logiciel et un procédé de détection de proximité. Méthode pour fournir un accès fondé sur permission à une session de connexion de système opératif active (26) d'un dispositif électronique (20), comprenant les étapes de : héberger (140) sur un dispositif électronique (20) une session de connexion de système opératif active (26) pour un compte partagé, le dispositif électronique (20) en communication avec un serveur (50), le compte partagé établi avec un profil d'utilisateur par défaut non associé à un utilisateur interactif particulier ; recevoir (142) un premier identifiant qui identifie un premier utilisateur interactif local (30) via le dispositif électronique (20) ; utiliser (144) le premier identifiant pour extraire une première série de références pour le premier utilisateur interactif local (30), la première série de références stockée à une position (70) accessible au dispositif électronique (20) et au serveur (50) et indiquant au moins un niveau de permission pour au moins l'une d'au moins une demande (58, 60, 62) et un niveau d'accès pour une session hôte de serveur (52) associée au premier utilisateur interactif local ; et mapper (146) le premier utilisateur interactif local (30) à la session hôte de serveur (52) du premier utilisateur interactif local utilisant la première série de références. Méthode selon la revendication 5, dans laquelle la session hôte de serveur (52) est démarrée sur la base de la réception de la première série de références pour le premier utilisateur interactif local (30) ;
ou dans laquelle la session hôte de serveur (52) où le premier utilisateur interactif local (30) est mappé, est une session préalablement sauvée associée au premier utilisateur interactif local (30). Méthode selon la revendication 5, comprenant les étapes ultérieures de : bloquer la session de connexion de système opératif active sur le dispositif électronique ; recevoir un deuxième identifiant qui identifie un deuxième utilisateur interactif local à travers le dispositif électronique ; et démapper le premier utilisateur interactif local de la session hôte de serveur du premier utilisateur interactif local à la réception du deuxième identifiant, le premier utilisateur interactif local étant démappé pendant que la session de connexion de système opératif est encore active. Méthode selon la revendication 7, comprenant les étapes ultérieures de : utiliser le deuxième identifiant pour extraire une deuxième série de références du deuxième utilisateur interactif local (32), la deuxième série de références stockée à une position (70) accessible au dispositif électronique (20) et au serveur (50) et indiquant au moins un niveau de permission pour au moins l'une d'au moins une demande (58, 60, 62) et un niveau d'accès pour la session hôte de serveur (54) du deuxième utilisateur interactif local (32) ; mapper le deuxième utilisateur interactif local (32) dans la session hôte de serveur (54) pour le deuxième utilisateur interactif (32) utilisant la deuxième série de références; et débloquer la session opérative (26) constamment active sur le dispositif électronique (20) après avoir mappé le deuxième utilisateur interactif local (32) dans la session hôte de serveur (54) du deuxième utilisateur interactif (32). Méthode selon la revendication 7, dans laquelle la session de connexion de système opératif active (26) est bloqué suite à la réception d'une indication du premier utilisateur interactif local (30) ;
ou dans laquelle la session de connexion de système opérative active (26) est bloquée suite à l'expiration d'un paramètre de temps ;
ou dans laquelle la session de connexion de système opératif active (26) est bloquée suite à la réception d'avis d'un détecteur de proximité que le premier utilisateur interactif local (30) s'est éloigné d'une distance prédéterminée du dispositif électronique. Méthode selon la revendication 5, dans laquelle le premier identifiant est transmis d'une carte a puce ;
ou dans laquelle le premier identifiant est reçu par la carte à puce sous forme cryptée et décryptée au moins en partie par la carte à puce. Méthode selon la revendication 5, dans laquelle le premier identifiant est crypté et comprend en outre les étapes de : stocker une pluralité de séries de références (72, 74, 76) d'utilisateur interactif sous forme cryptée ; décrypter le premier identifiant ; extraire une série cryptée de références de la position de stockage (70) ; et utiliser le premier identifiant décrypté pour décrypter la série de références cryptée extraite de la position de stockage (70). Méthode selon la revendication 5, dans laquelle le premier identifiant est reçu en utilisant l'un parmi un balayeur rétinien, une analyse d'empreinte, un système de reconnaissance faciale fondé sur un logiciel et un détecteur de proximité ;
ou dans laquelle la première série de références inclut différents niveaux de permission pour différentes demandes. Méthode selon la revendication 5, dans laquelle suivant le mappage du premier utilisateur interactif local (30) dans la session hôte de serveur (52) associée au premier utilisateur interactif local (30), la méthode comprend les étapes ultérieures de : recevoir des identifiants supplémentaires du premier utilisateur interactif local (30) avant de permettre au premier utilisateur interactif local (30) d'exécuter une demande locale (28) hébergée par le dispositif électronique (20). Méthode selon la revendication 5, dans laquelle le niveau d'accès pour la session hôte de serveur (52) est l'un parmi lecture et lecture-écriture ;
ou dans laquelle le serveur (50) et le dispositif électronique (20) communiquent par un réseau (40). Méthode selon la revendication 5, comprenant l'étape de : accéder à l'au moins une demande en utilisant la première série de références. Méthode de la revendication 15, comprenant les étapes ultérieures de : bloquer la session de connexion de système opératif active (26) sur le dispositif électronique (20) ; et recevoir un identifiant qui identifie un deuxième utilisateur local interactif (32) via le dispositif électronique (20) ; utiliser l'identifiant pour extraire une deuxième série de références du deuxième utilisateur local interactif (32), la deuxième série de références stockée à une position (70) accessible au dispositif électronique (20) et indiquant au moins un niveau de permission pour au moins une demande (58, 60, 62) ; débloquer la session de connexion de système opératif active (26) sur le dispositif électronique (20) après avoir reçu l'identifiant du deuxième utilisateur local interactif (32) ; et accéder à l'au moins une demande (58, 60, 62) en utilisant la deuxième série de détails. Méthode selon la revendication 15, dans laquelle la première série de détails inclut différents niveaux de permission pour différentes demandes. Produit manufacturé incorporant des moyens de programme d'ordinateur pour fournir accès fondé sur une permission à une session existante, le produit manufacturé comprenant : des moyens de programme d'ordinateur pour héberger une session de connexion de système opératif active (26) pour compte partagé sur un dispositif électronique (20), le dispositif électronique communiquant avec un serveur (50), le compte partagé établi avec un profil d'utilisateur par défaut non-associé à un utilisateur interactif particulier ; des moyens de programme d'ordinateur recevant un premier identifiant qui identifie un premier utilisateur interactif local (30) à travers le dispositif électronique (20) ; des moyens de programme d'ordinateur pour utiliser le premier identifiant afin d'extraire une première série de références du premier utilisateur interactif local (30), la première série de références stockée à une position (70) accessible au dispositif électronique (20) et au serveur (50) et indiquant au moins un niveau de permission pour au moins l'une d'au moins une demande (58, 60, 62) et un niveau d'accès pour une session hôte de serveur (52) associée au premier utilisateur interactif local ; et des moyens de programme d'ordinateur pour mapper le premier utilisateur interactif local (30) à la session hôte de serveur (52) pour le premier utilisateur interactif local utilisant la première série de références. Produit manufacturé selon la revendication 18, comprenant en outre : des moyens de programme d'ordinateur pour bloquer la session de connexion de système opératif active (26) sur le dispositif électronique (20) ; des moyens de programme d'ordinateur pour recevoir un deuxième identifiant qui identifie un deuxième utilisateur interactif local (32) via le dispositif électronique (20) ; et des moyens de programme d'ordinateur pour démapper le premier utilisateur interactif local (30) de la session hôte de serveur (52) pour le premier utilisateur interactif local (30) lorsqu'il reçoit le deuxième identifiant, le premier utilisateur interactif local (30) étant démappé pendant que la session de connexion (26) de système opératif est encore active. Produit manufacturé selon la revendication 19, comprenant en outre : des moyens de programme d'ordinateur pour utiliser le deuxième identifiant afin d'extraire une deuxième série de références du deuxième utilisateur interactif local (32), la deuxième série de références stockée à une position (70) accessible au dispositif électronique (20) et au serveur (50) et indiquant au moins un niveau de permission pour au moins une d'au moins une demande (58, 60, 62) et un niveau d'accès pour une session hôte de serveur (54) du deuxième utilisateur interactif local ; des moyens de programme d'ordinateur pour mapper le deuxième utilisateur interactif local (32) dans la session hôte de serveur (54) du deuxième utilisateur interactif (32) utilisant la deuxième série de références; et des moyens de programme d'ordinateur pour débloquer la session opérative constamment active (26) sur le dispositif électronique (20) après avoir mappé le deuxième utilisateur interactif local (32) dans la session hôte de serveur (54) du deuxième utilisateur interactif (32). Produit manufacturé selon la revendication 18, dans lequel la première série de références inclut différents niveaux de permission pour différentes demandes. Produit manufacturé selon la revendication 18, comprenant en outre : des moyens de programme d'ordinateur pour recevoir un identifiant à travers l'un parmi un balayeur rétinien, une analyse d'empreinte, un procédé de reconnaissance faciale fondé sur logiciel et un détecteur de proximité. Produit manufacturé selon la revendication 18, comprenant en outre : des moyens de programme d'ordinateur pour recevoir le premier identifiant en forme cryptée sur une carte à puce en communication avec le dispositif électronique (20). Produit manufacturé selon la revendication 23, dans lequel la carte à puce décrypte au moins en partie l'identifiant. Produit manufacturé selon la revendication 24, dans lequel on utilise un identifiant décrypté pour décrypter une série cryptée de références d'utilisateur interactif. Produits manufacturé selon la revendication 18, dans lequel le premier identifiant est crypté et comprenant en outre : des moyens de programme d'ordinateur pour stocker la pluralité de séries de références d'utilisateur interactif sous forme cryptée ; des moyens de programme d'ordinateur pour décrypter le premier identifiant. des moyens de programme d'ordinateur pour extraire une série cryptée de références de la position de stockage ; et des moyens de programme d'ordinateur pour utiliser le premier identifiant décrypté afin de décrypter la série crypté de références extraits de la position de stockage. Ein System zum Ermöglichen von erlaubnisbasiertem Zugang zu einer existierenden Anmeldesitzung, das Folgendes umfasst: einen Speicherort (70), der eine Vielzahl von Sätzen interaktiver Nutzerberechtigungen (72, 74, 76) enthält, wobei jeder Satz von Berechtigungen mit einem anderen interaktiven Benutzer (30, 32) verknüpft ist und mindestens ein Berechtigungsniveau für mindestens eine von mindestens einer Anwendung (58, 60, 62) und ein Zugangsniveau für eine Server-gehostete Domäne anzeigt, einen Server (50) in Verbindung mit einem Client (20), wobei der Server eine Setzung (52) für einen ersten lokalen interaktiven Benutzer (30) des Clients (20) hostet und der Client (20) eine aktive Betriebssystem-Anmeldesitzung (26) für ein gemeinsames Konto ausführt, wobei die aktive Betriebssystem-Anmeldesitzung (26) mit einem Standard-Benutzerprofil erstellt wird, das nicht mit einem bestimmten interaktiven Benutzer verknüpft ist, dadurch gekennzeichnet, dass das System weiter Folgendes umfasst: eine Berechtigungsvergabe-Anwendung (56), die mit dem Server (50) und dem Client (20) kommuniziert, wobei die Berechtigungsvergabe-Anwendung (56) über den Client (20) eine Kennung erhält, welche den ersten lokalen interaktiven Benutzer (30) kennzeichnet, und die Kennung benutzt, um vom Speicherort (70) einen ersten Satz von Berechtigungen für den ersten lokalen interaktiven Benutzer (30) abzurufen, wobei der erste Satz von Berechtigungen von der Berechtigungsvergabe-Anwendung (56) an den Server (50) geliefert wird und der erste Satz von Berechtigungen verwendet wird, um den ersten lokalen interaktiven Benutzer (30) auf die Server-gehostete Sitzung (52) für den ersten lokalen interaktiven Benutzer (30) zu mappen. Das System gemäß Anspruch 1, worin der Server (50) vom Client (20) entfernt ist. Das System gemäß Anspruch 1, das weiter Folgendes umfasst: einen im Client (20) befindlichen Smartcard-Leser zum Empfang der Kennung vom ersten lokalen interaktiven Benutzer (30) über eine Smartcard. Das System gemäß Anspruch 1, das weiter Folgendes umfasst: ein Eingabegerät, das mit dem Client (20) kommuniziert und verwendet wird, um die Kennung über eines von Folgendem zu erhalten: einen Netzhaut-Scan, eine Fingerabdruck-Analyse, ein Gesichtserkennungsverfahren auf Softwarebasis und ein Näherungsmessverfahren. Ein Verfahren zum Ermöglichen von erlaubnisbasiertem Zugang zu einer aktiven Betriebssystem-Anmeldesitzung (26) einer elektronischen Vorrichtung (20), das folgende Schritte umfasst: Hosting (140), auf einer elektronischen Vorrichtung (20), einer aktiven Betriebssystem-Anmeldesitzung (26) für ein gemeinsames Konto, wobei die elektronische Vorrichtung (20) in Kommunikation mit einem Server (50) steht und das gemeinsame Konto mit einem Standard-Benutzerprofil erstellt wurde, das nicht mit einem bestimmten interaktiven Benutzer verknüpft ist, Empfang (142) einer ersten Kennung, die einen ersten lokalen interaktiven Benutzer (30) identifiziert, über die elektronische Vorrichtung (20), Verwendung (144) der ersten Kennung, um einen ersten Satz von Berechtigungen für den ersten lokalen interaktiven Benutzer (30) abzurufen, wobei der erste Satz von Berechtigungen an einem Ort (70) gespeichert ist, auf den die elektronische Vorrichtung (20) und der Server (50) zugreifen können, und mindestens ein Berechtigungsniveau für mindestens eine von mindestens einer Anwendung (58, 60, 62) und ein Zugangsniveau für eine Server-gehostete Sitzung (52) anzeigt, die mit dem ersten lokalen interaktiven Benutzer verknüpft ist, und Mapping (146) des ersten lokalen interaktiven Benutzers (30) auf die Server-gehostete Sitzung (52) für den ersten lokalen interaktiven Benutzer mit Hilfe des ersten Satzes von Berechtigungen. Das Verfahren gemäß Anspruch 5, worin die Server-gehostete Sitzung (52) anhand des Empfangs des ersten Satzes von Berechtigungen für den ersten lokalen interaktiven Benutzer (30) initiiert wird,
oder worin die Server-gehostete Sitzung (52), in die der erste lokale interaktive Benutzer (30) gemappt wird, eine zuvor gespeicherte Sitzung ist, die mit dem ersten lokalen interaktiven Benutzer (30) verknüpft ist. Das Verfahren gemäß Anspruch 5, das folgende weitere Schritte umfasst: Sperrung der aktiven Betriebssystem-Anmeldesitzung auf der elektronischen Vorrichtung, Empfang einer zweiten Kennung, die einen zweiten lokalen interaktiven Benutzer identifiziert, über die elektronische Vorrichtung und Unmapping des ersten lokalen interaktiven Benutzers in der Server-gehosteten Sitzung für den ersten lokalen interaktiven Benutzer bei Empfang der zweiten Kennung, wobei der erste lokale interaktive Benutzer unmappt wird, noch während die Betriebssystem-Anmeldesitzung aktiv ist. Das Verfahren gemäß Anspruch 7, das die folgenden weiteren Schritte umfasst: Verwendung der zweiten Kennung zum Abrufen eines zweiten Satzes von Berechtigungen für den zweiten lokalen interaktiven Benutzer (32), wobei der zweite Satz von Berechtigungen an einem Ort (70) gespeichert ist, auf den die elektronische Vorrichtung (20) und der Server (50) zugreifen können, und mindestens ein Berechtigungsniveau für mindestens eine von mindestens einer Anwendung (58, 60, 62) und ein Zugangsniveau für eine Server-gehostete Sitzung (54) für den zweiten lokalen interaktiven Benutzer (32) anzeigt, Mapping des zweiten lokalen interaktiven Benutzers (32) in die Server-gehostete Sitzung (54) für den zweiten interaktiven Benutzer (32) unter Verwendung des zweiten Satzes von Berechtigungen und Entsperrung der durchgängig aktiven Betriebssitzung (26) in der elektronischen Vorrichtung (20) anschließend an das Mapping des zweiten lokalen interaktiven Benutzers (32) in die Server-gehostete Sitzung (54) für den zweiten interaktiven Benutzer (32). Das Verfahren gemäß Anspruch 7, worin die aktive Betriebssystem-Anmeldesitzung (26) nach Empfang einer Meldung vom ersten lokalen interaktiven Benutzer (30) gesperrt wird
oder worin die aktive Betriebssystem-Anmeldesitzung (26) nach Ablauf eines Zeitparameters gesperrt wird
oder worin die aktive Betriebssystem-Anmeldesitzung (26) nach Empfang einer Meldung von einem Näherungssensor, dass der erste lokale interaktive Benutzer (30) sich einen vordefinierten Abstand von der elektronischen Vorrichtung fort bewegt hat, gesperrt wird. Das Verfahren gemäß Anspruch 5, worin die erste Kennung von einer Smartcard gesendet wird
oder worin die erste Kennung von der Smartcard in verschlüsselter Form empfangen und zumindest teilweise von der Smartcard entschlüsselt wird. Das Verfahren gemäß Anspruch 5, worin die erste Kennung verschlüsselt ist, und weiter folgende Schritte umfassend: Speichern der Vielzahl von Sätzen interaktiver Nutzerberechtigungen (72, 74, 76) in verschlüsselter Form, Entschlüsselung der ersten Kennung, Abrufen eines verschlüsselten Satzes von Berechtigungen vom Speicherort (70) und Verwendung der entschlüsselten ersten Kennung zum Entschlüsseln des verschlüsselten Satzes von Berechtigungen, die vom Speicherort (70) abgerufen wurden. Das Verfahren gemäß Anspruch 5, worin die erste Kennung empfangen wird unter Verwendung eines von Folgendem: eines Netzhaut-Scans, einer Fingerabdruck-Analyse, eines Gesichtserkennungssystems auf Softwarebasis und eines Näherungssensors
oder worin der erste Satz von Berechtigungen verschiedene Berechtigungsniveaus für verschiedene Anwendungen einschließt. Das Verfahren gemäß Anspruch 5, worin nach dem Mapping des ersten lokalen interaktiven Benutzers (30) in die Servergehostete Sitzung (52), die mit dem ersten lokalen interaktiven Benutzer (30) verknüpft ist, das Verfahren die folgenden weiteren Schritte umfasst: Empfang zusätzlicher Kennungen vom ersten lokalen interaktiven Benutzer (30), bevor es dem ersten lokalen interaktiven Benutzer (30) gestattet wird, eine lokale Anwendung (28) auszuführen, die von der elektronischen Vorrichtung (20) gehostet wird. Das Verfahren gemäß Anspruch 5, worin das Zugangsniveau für die Server-gehostete Sitzung (52) entweder Read oder Read-Write ist
oder worin der Server (50) und die elektronische Vorrichtung (20) über ein Netzwerk (40) kommunizieren. Das Verfahren gemäß Anspruch 5, das folgenden Schritt umfasst: Zugriff auf die mindestens eine Anwendung mit Hilfe des ersten Satzes von Berechtigungen. Das Verfahren gemäß Anspruch 15, das weiter folgende Schritte umfasst: Sperrung der aktiven Betriebssystem-Anmeldesitzung (26) auf der elektronischen Vorrichtung (20) und Empfang einer Kennung, die einen zweiten lokalen interaktiven Benutzer (32) identifiziert, über die elektronische Vorrichtung (20), Verwendung der Kennung, um einen zweiten Satz von Berechtigungen für den zweiten lokalen interaktiven Benutzer (32) abzurufen, wobei der zweite Satz von Berechtigungen an einem Ort (70) gespeichert ist, auf den die elektronische Vorrichtung (20) zugreifen kann, und mindestens ein Berechtigungsniveau für mindestens eine Anwendung (58, 60, 62) anzeigt, Entsperrung der aktiven Betriebssystem-Anmeldesitzung (26) in der elektronischen Vorrichtung (20) anschließend an den Empfang der Kennung für den zweiten lokalen interaktiven Benutzer (32) und Zugriff auf die mindestens eine Anwendung (58, 60, 62) mit Hilfe des zweiten Satzes von Berechtigungen. Das Verfahren gemäß Anspruch 15, worin der erste Satz von Berechtigungen verschiedene Berechtigungsniveaus für verschiedene Anwendungen einschließt. Ein Herstellungsartikel, auf dem maschinenlesbare Programmmittel zum Ermöglichen von erlaubnisbasiertem Zugang zu einer existierenden Sitzung implementiert sind, wobei der Herstellungsartikel Folgendes umfasst: computer-lesbare Programmmittel zum Hosting, auf einer elektronischen Vorrichtung (20), einer aktiven Betriebssystem-Anmeldesitzung (26) für ein gemeinsames Konto, wobei die elektronische Vorrichtung in Kommunikation mit einem Server (50) steht und das gemeinsame Konto mit einem Standard-Benutzerprofil erstellt wird, das nicht mit einem bestimmten interaktiven Benutzer verknüpft ist, computer-lesbare Programmmittel, die über die elektronische Vorrichtung (20) eine erste Kennung empfangen, welche einen ersten lokalen interaktiven Benutzer (30) identifiziert, computer-lesbare Programmmittel für die Verwendung der ersten Kennung, um einen ersten Satz von Berechtigungen für den ersten lokalen interaktiven Benutzer (30) abzurufen, wobei der erste Satz von Berechtigungen an einem Ort (70) gespeichert ist, auf den die elektronische Vorrichtung (20) und der Server (50) zugreifen können, und mindestens ein Berechtigungsniveau für mindestens eine von mindestens einer Anwendung (58, 60, 62) und ein Zugangsniveau für eine Server-gehostete Sitzung (52) anzeigt, die mit dem ersten lokalen interaktiven Benutzer verknüpft ist, und computer-lesbare Programmmittel zum Mapping des ersten lokalen interaktiven Benutzers (30) auf die Server-gehostete Sitzung (52) für den ersten lokalen interaktiven Benutzer unter Verwendung des ersten Satzes von Berechtigungen. Der Herstellungsartikel gemäß Anspruch 18, der weiter Folgendes umfasst: computer-lesbare Programmmittel zur Sperrung der aktiven Betriebssystem-Anmeldesitzung (26) auf der elektronischen Vorrichtung (20), computer-lesbare Programmmittel zum Empfangen einer zweiten Kennung, die einen zweiten lokalen interaktiven Benutzer (32) identifiziert, über die elektronische Vorrichtung (20) und computer-lesbare Programmmittel zum Unmapping des ersten lokalen interaktiven Benutzers (30) in der Server-gehosteten Sitzung (52) für den ersten lokalen interaktiven Benutzer (30) nach dem Empfang der zweiten Kennung, wobei der erste lokale interaktive Benutzers (30) unmapped wird, noch während die Betriebssystem-Anmeldesitzung (26) aktiv ist. Der Herstellungsartikel gemäß Anspruch 19, der weiter Folgendes umfasst: computer-lesbare Programmmittel zum Verwenden der zweiten Kennung, um einen zweiten Satz von Berechtigungen für den zweiten lokalen interaktiven Benutzer (32) abzurufen, wobei der zweite Satz von Berechtigungen an einem Ort (70) gespeichert ist, auf den die elektronische Vorrichtung (20) und der Server (50) zugreifen können, und mindestens ein Zugangsniveau für mindestens eine von mindestens einer Anwendung (58, 60, 62) und ein Zugangsniveau für eine Server-gehostete Sitzung (54) für den zweiten lokalen interaktiven Benutzer anzeigt, computer-lesbare Programmmittel zum Mapping des zweiten lokalen interaktiven Benutzers (32) in die Server-gehostete Sitzung (54) für den zweiten interaktiven Benutzer (32) mit Hilfe des zweiten Satzes von Berechtigungen und computer-lesbare Programmmittel zur Entsperrung der durchgängig aktiven Betriebssitzung (26) in der elektronischen Vorrichtung (20) nach dem Mapping des zweiten lokalen interaktiven Benutzers (32) in die Server-gehostete Sitzung (54) für den zweiten interaktiven Benutzer (32). Der Herstellungsartikel gemäß Anspruch 18, wobei der erste Satz von Berechtigungen verschiedene Berechtigungsniveaus für verschiedene Anwendungen einschließt. Der Herstellungsartikel gemäß Anspruch 18, der weiter Folgendes umfasst: computer-lesbare Programmmittel zum Empfang einer Kennung über eines von Folgendem: einen Netzhautscan, eine Fingerabdruck-Analyse, ein Gesichtserkennungsverfahren auf Softwarebasis und einen Näherungssensor. Der Herstellungsartikel gemäß Anspruch 18, der weiter Folgendes umfasst: computer-lesbare Programmmittel zum Empfangen, an einer Smartcard in Kommunikation mit der elektronischen Vorrichtung (20), der ersten Kennung in verschlüsselter Form. Der Herstellungsartikel gemäß Anspruch 23, wobei die Smartcard die Kennung zumindest teilweise entschlüsselt. Der Herstellungsartikel gemäß Anspruch 24, wobei eine entschlüsselte Kennung verwendet wird, um einen verschlüsselten Satz interaktiver Nutzerberechtigungen zu entschlüsseln. Der Herstellungsartikel gemäß Anspruch 18, wobei die erste Kennung verschlüsselt ist und weiter Folgendes umfasst: computer-lesbare Programmmittel zum Speichern der Vielzahl von Sätzen interaktiver Nutzerberechtigungen in verschlüsselter Form, computer-lesbare Programmmittel zum Entschlüsseln der ersten Kennung, computer-lesbare Programmmittel zum Abrufen eines verschlüsselten Satzes von Berechtigungen vom Speicherort und computer-lesbare Programmmittel zur Verwendung der entschlüsselten ersten Kennung, um dem verschlüsselten Satz von Berechtigungen, der vom Speicherort abgerufen wird, zu entschlüsseln.
REFERENCES CITED IN THE DESCRIPTION

This list of references cited by the applicant is for the reader's convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard.

Patent documents cited in the description